Directory Services

Directory

• centralized, hierarchical repository of information about users, groups, devices, and applications in an IT system

Directory Services

• protocols, functions, and APIs that provide access to the directory

• Example: LDAP and DAP

Directory-Enabled Applications

• applications that rely on the directory for authentication and user information

• VPNs, email systems, SSO systems

Hierarchical Organization

• Root → Branches → Leafs

Attributes & Inheritance

• Objects inherit attributes based on location

• When moved, they adopt new location’s attributes

Pruning and Grafting

• moving objects within the directory tree, except the root

Directory Schema

• defines the allowable attributes, structure, and relationships in the directory

Organizational Unit (OUs)

• containers that organize directory objects and can be nested

Leaf Objects

• final objects like users, computers, printers

• can’t contain other objects

Distinguished Name

• unique identifier for an object in the directory

• can be absolute or relative

Relative DN

• only lists the location from the current setting in the client

Absolute DN

• includes the complete location of the item all the way from the root

Directory Context

Directory Naming Conventions

• 4 Layers

  • c = Country

  • o = Organization

  • ou = Organizational Unit

  • cn = Common Name

• LDAP naming

  • cn = John Doe, ou = Student, o = CIT, c = WL

X.500

• early standard for directory services

• introduced trees, DNs, RDNs, and several protocoles (Dap, DSP)

LDAP

• lightweight directory access protocol

• modern replacement for DAP

• TCP/IP based (Port 389)

Active Directory

• Microsoft’s directory service

• X.500 based

eDirectory

• Novell’s directory service

• X.500 based

Open Directory

• Apple’s directory service

• uses LDAP and Kerberos

Directory Scenarios

• Large organizations

  • required with multiple departments

• Small organizations

  • optional, typically use a single location in the directory